[ietf-dkim] Proposal: Removal of AUID (i= tag/value)
Charles Lindsey
chl at clerew.man.ac.uk
Mon Apr 11 02:06:51 PDT 2011
On Fri, 08 Apr 2011 19:55:09 +0100, Franck Martin <fmartin at linkedin.com>
wrote:
> On 4/8/11 23:38 , "Charles Lindsey" <chl at clerew.man.ac.uk> wrote:
>> In practice, there are three usages which seem to be common; are there
>> others?
>>
>> 1. FROM = Alice at whatever i=sales.example.com d=example.com
>>
>> 2. FROM = Alice at example.com i=sales at example.com d=example.com
>>
>> 3. From = Alice at example.com i=bob at example.com d=example.com.
.....
>> So my inclination is to leave 'i=' there. ...
>
> This is outside the current DKIM spec, but from your example, we could
> define 3 levels of reputation for the domain d=example.com (I'll exclude
> case 1, as I don't know yet what to do with it)
>
> Level 1) Alice
> Level 2) sales or bob
> Level 3) the whole domain example.com
>
> It is then possible to decide if we should block (or whitelist) all
> emails from alice, or all emails coming from sales (or bob) stream, or
> all emails signed by d=example.com

I think you may have missed the point of my 'bob' example. It would have
been clearer if I had said:

3. From = Alice at example.com i=mallet at example.com d=example.com.

Where mallet is some disgruntled example.com employee posing as Alice. A
human seeing that evidence (e.g. in an A-R header) might well conclude the
message was bogus. But it would be hard for an automaton to spot it.

--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
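
Added example, not part of the message above: a Python sketch of what an automaton can compare between From: and the i= tag once a signature has already verified, run over constructed headers for the three usages and the mallet variant. The function names and result labels are hypothetical, and case 1 is assumed to mean i=@sales.example.com.

```python
# Added illustration, not code from the thread. All header values are
# constructed; signature verification is assumed to have happened already.
from email.utils import parseaddr


def parse_tags(dkim_value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in dkim_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            # Folding whitespace inside a value is not significant.
            tags[name.strip()] = "".join(value.split())
    return tags


def classify(from_header, dkim_value):
    """Relate the i= identity (AUID) to the From: address."""
    tags = parse_tags(dkim_value)
    d = tags["d"].lower()
    # RFC 6376: when i= is absent it defaults to "@" followed by d=.
    auid = tags.get("i", "@" + d)
    i_local, sep, i_domain = auid.rpartition("@")
    i_domain = i_domain.lower()
    # RFC 6376: the i= domain must be d= or a subdomain of it.
    if not sep or (i_domain != d and not i_domain.endswith("." + d)):
        return "invalid-auid"
    f_local, _, f_domain = parseaddr(from_header)[1].rpartition("@")
    if f_domain.lower() != i_domain:
        return "from-domain-differs"
    if not i_local:
        return "domain-only-auid"
    return "auid-matches-from" if i_local == f_local else "auid-differs-from-author"


SIG = "v=1; d=example.com; i={}"
SAMPLES = {  # constructed inputs mirroring the usages listed in the thread
    "case1": ("Alice <alice@elsewhere.example>", SIG.format("@sales.example.com")),
    "case2": ("Alice <alice@example.com>", SIG.format("sales@example.com")),
    "case3": ("Alice <alice@example.com>", SIG.format("bob@example.com")),
    "mallet": ("Alice <alice@example.com>", SIG.format("mallet@example.com")),
}


def demo():
    return {name: classify(*sample) for name, sample in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Cases 2, 3 and the mallet variant all receive the same label: the header fields alone do not say whether the i= local part names a sanctioned mail stream or a different person.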